Open source training materials for law-enforcement and organisations interested in DFIR.

neolea/neolea-training-materials

Neolea training materials overview

The courses centre on information sharing and collaboration across the different aspects of DFIR (digital forensics and incident response). The training setup includes a set of MISP instances to support the activities during the training and, especially, to improve collaboration between teams and sharing at large. The neolea training materials are part of the neolea model, a concept in development to improve the capabilities of LEA while improving the tooling used in DFIR.

Terminology

  • 100 Introductory - Basics required to benefit from the other trainings (MISP and information sharing)
  • 200 Intermediate - DFIR topics (from digital forensics to network forensic analysis)
  • 300 Advanced - Advanced topics (data mining, cryptography)

List of training materials available

  • E.100 MISP - Open Source Threat Intelligence Platform Supporting Digital Forensic and Incident Response
  • E.200 Post Mortem Analysis Techniques of Fake Invoices Manipulated PDF documents
  • E.201 Digital Forensics - Introduction: Post-mortem Digital Forensics
  • E.202 Network forensic - Analysing black-hole monitoring dataset: How to better understand DDoS attacks from backscatter traffic, opportunistic network scanning and exploitation
  • E.203 Digital Forensics - Introduction: File System and Data Recovery
  • E.204 Digital Forensics - Introduction: Windows Memory and File Forensics
  • E.300 Data mining using the AIL project
  • E.301 Cryptography Workarounds For Law Enforcement

| Slides (PDF) | Source Code |
|---|---|
| e.001-introduction | source |
| e.100-information-sharing | source |
| e.200-dfir-pdf-analysis | source |
| e.201-digital-forensic-primer | source |
| e.202-network-forensic | source |
| e.203-file-system-data-recovery | source |
| e.204-windows-memory-files | source |
| e.300-data-mining | source |
| e.301-cryptography | source |

Open Source License

All the materials are dual-licensed under the GNU Affero General Public License version 3 or later and the Creative Commons Attribution-ShareAlike 4.0 International license. You can use either one of the licenses depending on your use case for the training materials.

The neolea project training materials are developed by CIRCL (Computer Incident Response Center Luxembourg) and co-financed within ENFORCE.

ENFORCE is an 18-month European project co-funded by the European Commission in the framework of the Internal Security Fund – Police. The project runs from December 2018 to May 2020. The ENFORCE project aims at designing, setting up, and disseminating a cybercrime training curriculum at the European level. This curriculum will be validated during a training exercise allowing different European public (e.g. law enforcement agencies and CSIRTs) and private actors fighting cybercrime to train together using state-of-the-art training technology. The ENFORCE project is coordinated by CEIS and is a partnership between CIRCL, the French Ministry of Interior and CEIS.

All the source code is available at https://www.github.com/neolea/neolea-training-materials.

If you reuse the training materials, don't forget to include the above for attribution.

Contributors in alphabetical order

How to contribute

Feel free to fork the training materials, play with them, make some updates or create new content and send us pull requests. If you have proposals, ideas or updates, you can also open an issue.

Complementary materials
